A computer-implemented method for implementing multi-factor authentication may include 1) receiving, as part of a secondary authentication system, an authentication request from a client system, 2) redirecting the client system to first perform a first authentication with a primary authentication system in response to receiving the authentication request, 3) receiving an assertion of the first authentication from the client system that demonstrates that the first authentication was successful, and 4) performing a second authentication with the client system in response to receiving the assertion of the first authentication. Various other methods, systems, and computer-readable media are also disclosed.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method for implementing multi-factor authentication, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: receiving, as part of a secondary authentication system, an authentication request from a client system; redirecting the client system to first perform a first authentication with a primary authentication system in response to receiving the authentication request; receiving an assertion of the first authentication from the client system that demonstrates that the first authentication was successful; performing a second authentication with the client system in response to receiving the assertion of the first authentication.
2. The computer-implemented method of claim 1, wherein receiving the authentication request comprises receiving an authentication request initiated by an access manager that is configured to authenticate the client system via the secondary authentication system.
3. The computer-implemented method of claim 2, wherein the access manager initiated the authentication request upon intercepting a request for a protected resource from the client system.
4. The computer-implemented method of claim 2, wherein the primary authentication system and the access manager both are installed and operate within a single enterprise network.
5. The computer-implemented method of claim 4, wherein the secondary authentication system comprises a service configured to operate outside the single enterprise network.
6. The computer-implemented method of claim 2, further comprising redirecting the client system to the access manager with an assertion of the second authentication after performing the second authentication.
7. The computer-implemented method of claim 6, wherein the access manager is configured to grant access to a protected resource to the client system after receiving the assertion of the second authentication.
8. The computer-implemented method of claim 1, wherein performing the second authentication comprises: retrieving user identification information from the assertion of the first authentication; performing the second authentication using the user identification information instead of requesting the user identification information from the client system.
9. The computer-implemented method of claim 1, wherein the primary authentication system receives an authentication credential from the client system and redirects the client system to the secondary authentication system with the assertion of the first authentication.
10. A system for implementing multi-factor authentication, the system comprising: a receiving module programmed to receive, as part of a secondary authentication system, an authentication request from a client system; a redirection module programmed to redirect the client system to first perform a first authentication with a primary authentication system in response to receiving the authentication request; an assertion module programmed to receive an assertion of the first authentication from the client system that demonstrates that the first authentication was successful; an authentication module programmed to perform a second authentication with the client system in response to receiving the assertion of the first authentication; at least one processor configured to execute the receiving module, the redirection module, the assertion module, and the authentication module.
11. The system of claim 10, wherein the receiving module is configured to receive the authentication request by receiving an authentication request initiated by an access manager that is configured to authenticate the client system via the secondary authentication system.
12. The system of claim 11, wherein the access manager initiated the authentication request upon intercepting a request for a protected resource from the client system.
13. The system of claim 11, wherein the primary authentication system and the access manager both are installed and operate within a single enterprise network.
14. The system of claim 13, wherein the secondary authentication system comprises a service configured to operate outside the single enterprise network.
15. The system of claim 11, wherein the authentication module is further programmed to redirect the client system to the access manager with an assertion of the second authentication after performing the second authentication.
16. The system of claim 15, wherein the access manager is configured to grant access to a protected resource to the client system after receiving the assertion of the second authentication.
17. The system of claim 10, wherein the authentication module is further programmed to perform the second authentication by: retrieving user identification information from the assertion of the first authentication; performing the second authentication using the user identification information instead of requesting the user identification information from the client system.
18. The system of claim 10, wherein the primary authentication system receives an authentication credential from the client system and redirects the client system to the secondary authentication system with the assertion of the first authentication.
19. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to: receive, as part of a secondary authentication system, an authentication request from a client system; redirect the client system to first perform a first authentication with a primary authentication system in response to receiving the authentication request; receive an assertion of the first authentication from the client system that demonstrates that the first authentication was successful; perform a second authentication with the client system in response to receiving the assertion of the first authentication.
20. The computer-readable-storage medium of claim 19, wherein the one or more computer-executable instructions cause the computing device to receive the authentication request by causing the computing device to receive an authentication request initiated by an access manager that is configured to authenticate the client system via the secondary authentication system.
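The secondary system's handling of the first-authentication assertion (claims 1 and 8), sketched here as an added example that is not code from the patent: the assertion is verified before the second factor runs, and the user identifier is taken from the assertion rather than from the client. The claims do not specify an assertion format or a second factor, so the HMAC-signed token, the shared key, the TOTP check and every name below are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, struct

# Constructed values: a key shared by the primary and secondary systems, and
# a per-user TOTP secret enrolled at the secondary system (all hypothetical).
ASSERTION_KEY = b"constructed-shared-key"
TOTP_SECRETS = {"alice": b"constructed-totp-secret"}
AUDIENCE = "secondary-auth"

def sign_assertion(claims, key=ASSERTION_KEY):
    """Primary system side: encode the claims and append an HMAC-SHA256 tag."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag

def verify_assertion(token, now, key=ASSERTION_KEY):
    """Secondary system side: return the user id, or None if not acceptable."""
    body, _, tag = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None                      # forged or altered in transit via the client
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims.get("aud") != AUDIENCE or claims.get("exp", 0) < now:
        return None                      # meant for another recipient, or stale
    return claims.get("sub")

def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)

def second_authentication(token, code, now):
    """Run the second factor only after the first-factor assertion verifies."""
    user = verify_assertion(token, now)
    if user is None or user not in TOTP_SECRETS:
        return None
    # The user id comes from the verified assertion, not a client-supplied field.
    if hmac.compare_digest(code, totp(TOTP_SECRETS[user], now)):
        return user
    return None
```

Because the assertion travels through the client, the signature, audience and expiry checks are what keep a client from presenting a self-made or replayed assertion to skip the first factor.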
June 11, 2012
August 12, 2014